go/firecracker-netns
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feature: build and use rootf dynamically and use kernel

Browse Source 
support rootfs :
- archlinux
- ubuntu
kernel 5.10.204 from url amazon url
Co-authored-by: RouxAntoine <antoinroux@hotmail.fr>
Co-committed-by: RouxAntoine <antoinroux@hotmail.fr>
This commit is contained in:
RouxAntoine 2024-01-06 13:25:47 +00:00 committed by antoine
parent 99ca371839
commit a2b5884726
4 changed files with 93 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile
View File

@ -1,4 +1,4 @@
.PHONY: build run ci get-alpine-rootfs .PHONY: build run ci
.EXPORT_ALL_VARIABLES: .EXPORT_ALL_VARIABLES:
GOARCH=amd64 GOARCH=amd64
@ -11,17 +11,19 @@ GOBUILDFLAGS=-tags dev
EXEC=out/main EXEC=out/main
build: out/alpine-minirootfs-3.19.0-x86_64.tar.gz $(EXEC) build: $(EXEC)
run: $(EXEC) run: $(EXEC)
@chmod +x $(EXEC) @chmod +x $(EXEC)
$(EXEC) sudo $(EXEC)
NS=practical_murdock
ssh:
sudo ip netns exec $(NS) ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeychecking=no 172.16.0.2
ci: ci:
golangci-lint run --fix golangci-lint run --fix
get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz
publish: publish:
scp $(EXEC) sf314:~/firecracker/ scp $(EXEC) sf314:~/firecracker/
@ -32,6 +34,3 @@ dependencies:
$(EXEC): cmd/main.go dependencies $(EXEC): cmd/main.go dependencies
@echo "build for os $$GOOS and arch $$GOARCH" @echo "build for os $$GOOS and arch $$GOARCH"
go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $< go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $<
out/alpine-minirootfs-3.19.0-x86_64.tar.gz:
wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz

11
cmd/main.go
View File

@ -89,17 +89,18 @@ func setupEnv() int {
cpuCount := int64(4) cpuCount := int64(4)
memorySize := int64(1024) memorySize := int64(1024)
isSmt := true isSmt := true
socketPath := "/tmp/firecracker.socket"
cfg := firecracker.Config{ cfg := firecracker.Config{
SocketPath: "/tmp/firecracker.socket", SocketPath: socketPath,
KernelImagePath: "./vmlinux-5.10.204", KernelImagePath: "./out/vmlinux-5.10.204",
LogPath: "./firecracker.log", LogPath: "./out/firecracker.log",
LogLevel: "Debug", LogLevel: "Debug",
KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off", KernelArgs: "console=ttyS0 reboot=k panic=1 pci=off",
Drives: []models.Drive{ Drives: []models.Drive{
{ {
DriveID: firecracker.String("rootfs"), DriveID: firecracker.String("rootfs"),
PathOnHost: firecracker.String("./ubuntu-22.04.ext4"), PathOnHost: firecracker.String("./out/rootfs.ext4"),
IsReadOnly: firecracker.Bool(false), IsReadOnly: firecracker.Bool(false),
IsRootDevice: firecracker.Bool(true), IsRootDevice: firecracker.Bool(true),
}, },
@ -124,7 +125,7 @@ func setupEnv() int {
firecracker.WithProcessRunner( firecracker.WithProcessRunner(
firecracker.VMCommandBuilder{}. firecracker.VMCommandBuilder{}.
WithBin("firecracker"). WithBin("firecracker").
WithSocketPath("/tmp/firecracker.socket"). WithSocketPath(socketPath).
Build(ctx), Build(ctx),
), ),
firecracker.WithLogger(logrus.NewEntry(log)), firecracker.WithLogger(logrus.NewEntry(log)),

27
rootfs-kernel/Makefile Normal file
View File

@ -0,0 +1,27 @@
.PHONY: use-arch use-ubuntu
# aarch64
# x86_64
ARCH=x86_64
use-arch: ../out/arch-rootfs.ext4
ln -fs $< ../out/rootfs.ext4
use-ubuntu: ../out/ubuntu-22.04.ext4 ../out/ubuntu-22.04.id_rsa
ln -fs $< ../out/rootfs.ext4
kernel: ../out/vmlinux-5.10.204
@echo "linux kernel retrieve"
../out/vmlinux-5.10.204:
wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/vmlinux-5.10.204
../out/arch-rootfs.ext4: ./arch-rootfs.sh
bash ./arch-rootfs.sh
../out/ubuntu-22.04.ext4:
wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.ext4
../out/ubuntu-22.04.id_rsa:
wget -O $@ https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.7/$(ARCH)/ubuntu-22.04.id_rsa
chmod 400 $@

53
rootfs-kernel/arch-rootfs.sh Executable file
View File

@ -0,0 +1,53 @@
#!/usr/bin/env bash
# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh
set -ex
DISK_SIZE=10G
DISK_FILE=../out/arch-rootfs.ext4
DISK_ROOT=../out/mount
# Allocate rootfs disk
fallocate -l "$DISK_SIZE" "$DISK_FILE"
mkfs.ext4 -F $DISK_FILE
# Mount rootfs to mount
mkdir -p $DISK_ROOT
sudo mount $DISK_FILE $DISK_ROOT
sudo pacstrap -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2 openssh git vim
echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf
sudo tee $DISK_ROOT/etc/systemd/system/internal-network.service <<-'EOF'
[Unit]
Description=Internal Network
[Service]
Type=oneshot
ExecStart=ip link set eth0 up
ExecStart=ip addr add 172.16.0.2/24 dev eth0
ExecStart=ip route add default via 172.16.0.1 dev eth0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
sudo ln -s /etc/systemd/system/internal-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
sudo ln -s /usr/lib/systemd/system/sshd.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
# allow root login with empty password, unsafe !
sudo tee $DISK_ROOT/etc/ssh/sshd_config.d/98-archlinux.conf <<-'EOF'
PermitEmptyPasswords yes
PermitRootLogin yes
EOF
# Remove default (locked) root password
# See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b
sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow
sudo umount $DISK_ROOT
rmdir $DISK_ROOT